Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

AP41 leverages Google GC2, ransomware gangs abuse Process Explorer driver to kill security software, and new details regarding 3CX’s software supply chain compromise emerge.

I think we can all agree that the Australian government has demonstrated its will to empower our country, its organisations and citizens to be more secure online. Australia has become a prime target for bad actors, and like my counterparts, I appreciate a government with a hands-on approach—one that recognises the criticality of cybersecurity.

It’s time to broaden our conception of the external attack surface to include all common attack vectors. Traditionally, the external attack surface is thought of as all of an organization’s external IT assets: domains, addresses, web servers, SSL certificates, externally-visible software, and so on.

Our team has been hard at work creating updates and new features just for you, see what we’ve been up to over the last month.

Governments everywhere are increasingly concerned about implementing frameworks to improve the protection of personal and commercial information and defend national security against cyberattacks. I was recently in Australia, and it was hard to ignore the news that the Australian government released a discussion paper to shape its work on its 2023 – 2030 cybersecurity strategy.

Earlier today, April 25, 2023, researchers Pedro Umbelino at Bitsight and Marco Lux at Curesec published their discovery of CVE-2023-29552, a new DDoS reflection/amplification attack vector leveraging the SLP protocol. If you are a Cloudflare customer, your services are already protected from this new attack vector.

In this version of the Hacker’s Playbook Threat Coverage round-up, we are highlighting newly added coverage for several recently discovered or analyzed ransomware and malware variants, including Sabbath ransomware, 3CXDesktopApp vulnerability, amongst others. SafeBreach customers can select and run these attacks and more from the SafeBreach Hacker’s Playbook™ to ensure coverage against these advanced threats.

Over the past few years, IT companies adopted IoT, wireless and hybrid networks to stay competitive and to meet the demands of their clients. Among these networks, wireless networks are the most common and the most vulnerable to cyberattacks as hackers constantly try to penetrate them. A cyberattack is initiated by planting a rogue device in your organization’s network.

Unfortunately, for LastPass and its users, this nightmare became a reality in August 2022 when a developer account was compromised. This led to a series of events that ultimately led to the exposure of sensitive customer data. A hacker exploited an employee to access the company’s data. But get this: the hacker exploited a three-year-old vulnerability that wasn’t patched. That’s like leaving your front door wide open for three years and being surprised when a burglar walks right in!

Supply chain attacks are a growing and increasingly sophisticated form of cyber threat. They target the complex network of relationships between organizations and their suppliers, vendors, and third-party service providers. These attacks exploit vulnerabilities that emerge due to the interconnected nature of digital supply chains, which often span multiple organizations, systems, and geographies.